pgAdmin 4 is a free, open-source graphical management tool for PostgreSQL. This article will help you understand the advantages of hosting pgAdmin as a web application in your cloud environment and the steps involved in installing pgAdmin on Kubernetes using a Helm chart. For pgAdmin documentation, visit the official website.
My web application developers required access to the Postgres database server for some development activity, and at the same time I was concerned about the security of our database, both in-house and externally, as opening up a database port to the internet is always a terrible idea. Developers who need quick access to debug databases running on the Kubernetes cluster in the cloud set up pgAdmin in several ways.
I solved this problem by deploying pgAdmin as a K8s application, placing it behind a proxy while keeping the database ports accessible only inside the network (within the same VPC), and putting the pgAdmin application behind mutual authentication (certificates are required to reach the application). User management within pgAdmin creates another layer of security: I have enabled two-way authentication for users before they log in to the database server, which always requires a DB password to access from the application, but the cluster details are in an abstract form that cannot be used from outside this application. Now the database is accessible via a proxy for an extra layer of authentication and voilà: a super easy and super secure database accessible from anywhere.
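One way to express the layout described above as Kubernetes manifests, as an added example that is not the author's configuration. It assumes the proxy is the ingress-nginx controller and that PostgreSQL runs as pods in the same cluster; every name, namespace, label, hostname and secret below is hypothetical.

```yaml
# Added example, all names are assumptions. Ingress: demand a client certificate before proxying.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgadmin
  namespace: tools
  annotations:
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "on"
    nginx.ingress.kubernetes.io/auth-tls-secret: "tools/pgadmin-client-ca"  # secret with ca.crt
spec:
  ingressClassName: nginx
  tls:
    - hosts: [pgadmin.example.internal]
      secretName: pgadmin-server-tls
  rules:
    - host: pgadmin.example.internal
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: pgadmin
                port:
                  number: 80
---
# NetworkPolicy: PostgreSQL accepts port 5432 only from the pgAdmin pods.
# Add further "from" entries for the application workloads that also need the database.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: postgres-allow-pgadmin
  namespace: database
spec:
  podSelector:
    matchLabels:
      app: postgres
  policyTypes: [Ingress]
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: tools
          podSelector:
            matchLabels:
              app: pgadmin
      ports:
        - protocol: TCP
          port: 5432
```

The NetworkPolicy only takes effect on a cluster whose network plugin enforces NetworkPolicy objects. If the database lives outside the cluster, the equivalent restriction belongs in the VPC firewall or security-group rules.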
To summarise, below are the benefits that I see:
- pgAdmin 4 is a free, open-source graphical management tool for PostgreSQL.
- Fast (app and DB on the same VPC network) and scalable (by increasing replicasets).
- Secured with mutual authentication/HTTPS and user management. Blocks the DB IP and port from the outside world. Enables two-way authentication for users.
- pgAdmin is not hosted directly but behind an nginx proxy server.
- I do not need to share server/cluster IPs and port details with everyone. Just log in to the hosted application service and you have preconfigured DB cluster details.
- Abstraction: abstraction is the concept that “shows” only essential attributes and “hides” unnecessary information (DB server name and port). These preconfigured Postgres details are in abstract form and use internal IPs, which means they are not accessible even if you try to use the same details from your locally installed pgAdmin.
- User management: a user created in pgAdmin is required to enter the password of the saved server every time to log in. As the server is not accessible from outside the VPC, sharing the password with the team is not an issue, since it is supposed to work only within pgAdmin.
- Same version for all developers.
- When an employee leaves the project, I would have to secure the DB passwords that were known to that person to avoid further unauthorized access. Changing production passwords and refreshing all connected servers is not a good practice; with pgAdmin hosting, I simply have to delete the pgAdmin user created for him/her.
In the next article, I will show you the steps to install the pgAdmin Docker image in your Kubernetes cluster.